Skip to main content
Version: 2.5

Cube.COS - Release Note

Abstract#

Bigstack CUBE.COS 2.5 is a major release for CUBE.COS cloud operating system. This release provides the following updates to Bigstack CUBE.COS version 2.5:

  • Based on CentOS Stream 9
  • Kernel version : 5.14.0-435
  • Nova version : 25.3.0 (Yoga)
  • Ovn version : 23.03
  • Ceph version : 17.2.6 (Quincy)
  • Rancher version : v2.7.9
  • Nvidia GPU driver to 535.104

New functionality#

  • Cloud Computing
    • Added support of VFIO and GPU Passthrough
    • Centralized GPU management across GPU nodes
    • Added support of GPU / PCI devices auto orchestration
    • Added CLI option to reset instance status for recovery
  • Storage
    • Volume Mirror
      • Enhanced mirror management in a single view
      • Added support of journal or snapshot for each mirror rule
      • Added support of instance creation from target volume in backup site
      • Enhanced virtual machine power state aligned with mirror promotion/demotion process
    • Object Storage - CLI options to manage bucket quota and IP filters
  • Networking and Network Security
    • Added CLI option to fix errors on loadbalancer-as-a-service
  • Operation and Management
    • New CLI options
      • to update license by node
      • to update license from ISO image
      • to check and repair filesystem on instances
      • to detect conflicts with IP addresses in the environment
    • Benchmark tools for
      • Hard drives
      • Storage pools
    • Added alert management for threshold adjustment
      • Global settings for all alerts
      • Individual setting for specific service
    • Added support of
      • hard drive model and serial number detection
      • disk failure prediction
      • cluster check on disk failure (new error code)

Changed features#

  • There is no changed feature in this release.

Fixed defects#

  • Bug Fixes since Cube 2.3.0, including fixpacks and hotfixes.

Fixpacks#

Enhancements and fixes in Cube 2.4#

  • Patched Security Updates
    • Information disclosure flaw found in ansible-core (CVE-2024-0690)
    • A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record (CVE-2023-38469)
    • A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function (CVE-2023-38471)
    • A reachable assertion exists in the avahi_rdata_parse() function (CVE-2023-38472)
    • A reachable assertion exists in the avahi_escape_label() function (CVE-2023-38470)
    • A reachable assertion exists in the avahi_alternative_host_name() function (CVE-2023-38473)
    • This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash (CVE-2023-1981)
    • BIND9 bad allocation of resources that can affect the available memory of the system (CVE-2023-2828)
    • Prevent possible endless loop when refreshing stale data (CVE-2023-2911)
    • BIND9 limit the amount of recursion possible in the control channel (CVE-2023-3341)
    • AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)
    • Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
    • Insufficient randomness in the generation of DNS query IDs (CVE-2023-31147)
    • 0-byte UDP payload Denial of Service (CVE-2023-32067)
    • Exposure of resource to wrong sphere in runc (CVE-2024-21626)
    • Improper Preservation of Permissions in runc (CVE-2023-25809)
    • Use of Incorrectly-Resolved Name or Reference in runc (CVE-2023-27561)
    • Improper Link Resolution Before File Access ('Link Following') in runc (CVE-2023-28642)
    • Allocation of Resources Without Limits or Throttling in containerd (CVE-2023-25153)
    • CVE-2023-25173
    • Information leak through Cups-Get-Document operation (CVE-2023-32360)
    • Use-after-free in scheduler/client.c (CVE-2023-34241)
    • Heap buffer overflow may lead to DoS (CVE-2023-32324)
    • Return error if the hostname is too long for remote resolve (CVE-2023-38545)
    • Cookie injection with none file (CVE-2023-38546)
    • Lowercase the domain names before PSL checks (CVE-2023-46218)
    • Unify the upload/method handling (CVE-2023-28322)
    • Hostname wildcard checking (CVE-2023-28321)
    • FTP too eager connection reuse (CVE-2023-27535)
    • SSH connection is too eager to reuse (CVE-2023-27538)
    • GSS delegation too eager connection re-use (CVE-2023-27536)
    • SFTP path resolving discrepancy (CVE-2023-27534)
    • TELNET option IAC injection (CVE-2023-27533)
    • HTTP multi-header compression denial of service (CVE-2023-23916)
    • D-Bus unprivileged user to crash dbus-daemon issue (CVE-2023-34969)
    • Limited offered EDNS0 size 1232 (CVE-2023-28450)
    • Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229)
    • Buffer overflow in the DHCPv6 client via a long Server ID option (CVE-2023-45230)
    • Out of Bounds read when handling an ND Redirect message with truncated options (CVE-2023-45231)
    • Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232)
    • Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233)
    • Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234)
    • Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235)
    • Openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
    • Openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
    • Sensitive information disclosure due to improper HTTP body handling in urllib3 (CVE-2023-45803)
    • PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack (CVE-2023-52323)
    • Possible arbitrary HTML attribute injection leading to Cross-Site Scripting (XSS) in Jinja (CVE-2024-22195)
    • Possible information leakage due to HTTP redirects when custom cookie headers are set in urllib3 (CVE-2023-43804)
    • Removing insecure root certificate authority (CVE-2023-37920)
    • The httpd-2.4.62-1.el9.x86_64 package now includes critical security enhancements, specifically addressing the recently identified vulnerability (CVE-2023-43622)

OpenStack Services#

Web Frontend#

  • Horizon (Dashboard)

Share Services#

  • Keystone (Identity)
  • Glance (Image)
  • Barbican (Key Store)

Compute#

  • Nova (Virtual Machine)
  • Ironic (Bare-metal)

Accelerator#

  • Cyborg (GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK and so on)

Networking#

  • Neutron (SDN/NFV, VPN as a Service)
  • Octavia (Load Balance as a Service)
  • Designate (DNS as a Service)

Storage#

  • Cinder (Block Storage)
  • Manila (File Storage)
  • Swift (Object Storage)

Orchestration#

  • Heat (Orchestration)
  • Senlin (Auto-scaling)

Monitoring#

  • Monasca (Telemetry)

High Availability#

  • Masakari (Instance HA)

Resource Optimaztion#

  • Watcher (Infrastructure Optimization)

Cube Infrascope#

  • ELK
    • Elasticsearch (v7.10) Opensearch (v2.10)
    • Kibana (v7.10) Opensearch-dashboards (v2.10)
    • Logstash (v8.9.0)
    • Filebeat (v8.10.2)
    • Auditbeat (v8.10.2)
  • TIGK
    • Telegraf (v1.17)
    • Influxdb (v1.8.10)
    • Grafana (v7.5.9) Grafana-enterprise (v10.1.5)
    • Kapacitor (v1.5.7)
  • Data Pipeline
    • Zookeeper (v2.13)
    • Monasca (v2.5.0)
    • Kafka (v2.7)

Identity#

  • Keycloak (v17.0.1)

Announcements#

The Bigstack CUBE.COS cloud operating system version 2.4 is generally available in May, 2024.

Compatibilities#

The following Cube related products are currently supported by Cube 2.4 and can only be run against Cube 2.4 or above.

  • CUBE.CMP 1.7
    • Prerequisites: Cube 2.4 with AppFramework deployed
  • CUBE.VDI Driver and integration
    • Prerequisites: Cube 2.4 and Cube VDI essentials

Contact Bigstack: https://www.bigstack.co/contact/ for details of Cube products.

Installation and Configuration#

For CUBE.COS installation, see the following topics in Bigstack documentation.

To get started with CUBE.COS, see Quick Start in Bigstack documentation.

Known issues#

After enable OTP login, Keycloak page show nothing.

Related information#

Bigstack Co., Ltd. is a software and consulting company, focused on open source, software-defined data center, cloud platforms, and security.

Contact Bigstack: https://www.bigstack.co/contact/

Last updated on by Roy Tan